Re: Password protection of a dir.

[Anthony Baratta <Anthony Baratta com>]

redhat-list mb actech net wrote:
> 
> On Thu, 1 Apr 1999, Vineeta wrote:
> 
> > Hi all,
> >   I have a webserver running on my linux box.
> > For security,one of my users wants his stuff under a dir. to be password protected.How do i go about it??
> > please reply soon.
> >
> 
> In your /etc/httpd/conf/access.conf add
> 
> <Directory /home/httpd/html/protected>
> Options Includes
> AllowOverride None
> AuthName Protected
> AuthType Basic
> AuthUserFile /etc/webusers
> <Limit GET POST>
> require valid-user
> </Limit>
> </Directory>

You can avoid mangling the conf (httpd.conf for 1.3.4+ and access.conf
<1.3.4) file  by using an .htaccess file in the target directory. Here's
a thing I wrote up for a friend - use as you see fit....

HOW TO Password Protect a Directory

You need two files - one called '.htaccess' and the other anyname you
want/any location you have read/write access to. I call my web password
files '.htpasswd' and put them in a directory under my home directory.
(If you use a directory off your home directory, make sure that the
directory is 755 and the password file is 644, so the web server can see
and use it.)

e.g. password file is in /web/foo/home/bin-foo while the
/web/sites/foo/members is the password protected directory.

Makes it harder to steal your password file.

OK  create an .htaccess file with this stuff...

+++++

AuthName "<phrase the user sees in the login box>"
AuthType Basic
AuthUserFile /full/path/to/file/.htpasswd
require valid-user

+++++

If course put the .htaccess file in the directory you want password
protected.

Now...cut and paste the following code into a file called make-password
or something - chmod it to 700. (make sure that the path to PERL is
correct)

This file will allow you to make and add password files with out having
to do much work.

(Apache comes with another program to do this, I use this code snippet
because I've attached it to a few admin programs I use with Perl to make
and change user passwords.)

+++++

#!/usr/bin/perl
if (scalar(@ARGV) < 2) {
        print <<EOF;
usage: make-password <htpasswd file> <user> <password>
EOF
        exit;
}

$salt="XX";
$file=$ARGV[0];
$key=$ARGV[1];
$value=$ARGV[2];

if ($file && $key && $value) {
        $hash = crypt($value, "$salt");
        open(DB, ">>$file") || die "Error: $!\n";
        print DB "$key:$hash\n";
        close(DB);
        print "User $key added with password $value,
                encrypted to $hash\n";
        exit;
}

+++++

Put the file in your home 'bin' directory. If your admin set you up
right you
should have a path to a bin directory in your path statement, even if
the bin directory does not exist. (Check with the command 'env'.) Make
the directory if it does not exist.

To make a new password file just type the following in the directory you
want to create the password file.

make-password <htpasswd file name> <user name> <password>

If htpasswd file does not exist it is created. You can use this command
to add new names and passwords to the htpasswd file. To delete a name
and password, just vi the file and 'dd' the line to delete it.

Fire up the browser and test. Should work. 

-- 
Anthony Baratta
President
KeyBoard Jockeys
                    South Park Speaks Version 3 is here!!!
                       http://www.baratta.com/southpark
                              Powered by Tsunami